Dear Alan DeKok and Alan Buxey Thank you for your answers. Message to Alan Buxey: i can't add "Auth-Type := LDAP" in the authorize section. i tried differents ways but i can only write a syntax like "Auth-Type := LDAP" in the auhentication section. In the authentication section i have this: Auth-Type LDAP { ldap } Message to Alan DeKok: I changed my default file and my inner-tunnel file to the default configuration. I also added/checked the module eap in the authtorize section. i changed and checked some elements steps by steps like recommended. Unfortunaly my configuration still doesn't work. my log: Listening on auth address * port 1812 bound to server default Listening on acct address * port 1813 bound to server default Listening on auth address :: port 1812 bound to server default Listening on acct address :: port 1813 bound to server default Listening on auth address 127.0.0.1 port 18120 bound to server inner-tunnel Listening on proxy address * port 54919 Listening on proxy address :: port 33469 Ready to process requests (0) Received Access-Request Id 60 from 192.168.200.20:51098 to 192.168.10.124:1812 length 269 (0) User-Name = "chris.nzengue" (0) Chargeable-User-Identity = 0x14 (0) Location-Capable = Civic-Location (0) Calling-Station-Id = "98-5a-eb-8e-1c-5c" (0) Called-Station-Id = "00-fc-ba-e1-8f-a0:radius_test" (0) NAS-Port = 1 (0) Cisco-AVPair = "audit-session-id=14c8a8c000008a27065f0f64" (0) Acct-Session-Id = "640f5efa/98:5a:eb:8e:1c:5c/36015" (0) NAS-IP-Address = 192.168.200.20 (0) NAS-Identifier = "Dejamobile" (0) Airespace-Wlan-Id = 1 (0) Service-Type = Framed-User (0) Framed-MTU = 1300 (0) NAS-Port-Type = Wireless-802.11 (0) EAP-Message = 0x020100120163687269732e6e7a656e677565 (0) Message-Authenticator = 0x152d6c9151ccc00eda8651079e743f0f (0) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default (0) authorize { (0) policy filter_username { (0) if (&User-Name) { (0) if (&User-Name) -> TRUE (0) if (&User-Name) { (0) if (&User-Name =~ / /) { (0) if (&User-Name =~ / /) -> FALSE (0) if (&User-Name =~ /@[^@]*@/ ) { (0) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (0) if (&User-Name =~ /\.\./ ) { (0) if (&User-Name =~ /\.\./ ) -> FALSE (0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (0) if (&User-Name =~ /\.$/) { (0) if (&User-Name =~ /\.$/) -> FALSE (0) if (&User-Name =~ /@\./) { (0) if (&User-Name =~ /@\./) -> FALSE (0) } # if (&User-Name) = notfound (0) } # policy filter_username = notfound (0) [preprocess] = ok (0) [chap] = noop (0) [mschap] = noop (0) suffix: Checking for suffix after "@" (0) suffix: No '@' in User-Name = "chris.nzengue", looking up realm NULL (0) suffix: No such realm "NULL" (0) [suffix] = noop (0) eap: Peer sent EAP Response (code 2) ID 1 length 18 (0) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize (0) [eap] = ok (0) } # authorize = ok (0) Found Auth-Type = eap (0) # Executing group from file /etc/freeradius/3.0/sites-enabled/default (0) authenticate { (0) eap: Peer sent packet with method EAP Identity (1) (0) eap: Calling submodule eap_ttls to process data (0) eap_ttls: (TLS) Initiating new session (0) eap: Sending EAP Request (code 1) ID 2 length 6 (0) eap: EAP session adding &reply:State = 0x3928d6d2392ac3c4 (0) [eap] = handled (0) } # authenticate = handled (0) Using Post-Auth-Type Challenge (0) # Executing group from file /etc/freeradius/3.0/sites-enabled/default (0) Challenge { ... } # empty sub-section is ignored (0) session-state: Saving cached attributes (0) Framed-MTU = 994 (0) Sent Access-Challenge Id 60 from 192.168.10.124:1812 to 192.168.200.20:51098 length 64 (0) EAP-Message = 0x010200061520 (0) Message-Authenticator = 0x00000000000000000000000000000000 (0) State = 0x3928d6d2392ac3c470d72d9dc025396c (0) Finished request Waking up in 4.9 seconds. (1) Received Access-Request Id 61 from 192.168.200.20:51098 to 192.168.10.124:1812 length 430 (1) User-Name = "chris.nzengue" (1) Chargeable-User-Identity = 0x14 (1) Location-Capable = Civic-Location (1) Calling-Station-Id = "98-5a-eb-8e-1c-5c" (1) Called-Station-Id = "00-fc-ba-e1-8f-a0:radius_test" (1) NAS-Port = 1 (1) Cisco-AVPair = "audit-session-id=14c8a8c000008a27065f0f64" (1) Acct-Session-Id = "640f5efa/98:5a:eb:8e:1c:5c/36015" (1) NAS-IP-Address = 192.168.200.20 (1) NAS-Identifier = "Dejamobile" (1) Airespace-Wlan-Id = 1 (1) Service-Type = Framed-User (1) Framed-MTU = 1300 (1) NAS-Port-Type = Wireless-802.11 (1) EAP-Message = 0x020200a115800000009716030100920100008e0303640f5f3b217e84d6eb2bb1dc0e3862e4301609d5dd8156ea582ee9e9618ce89200002c00ffc02cc02bc024c023c00ac009c008c030c02fc028c027c014c013c012009d009c003d003c0035002f000a01000039000a00080006001700180019000b00020100000d00120010040102010501060104030203050306030005000501000000000012000000170000 (1) State = 0x3928d6d2392ac3c470d72d9dc025396c (1) Message-Authenticator = 0x5e4ed5f1554b77fb9eca516f0b622090 (1) Restoring &session-state (1) &session-state:Framed-MTU = 994 (1) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default (1) authorize { (1) policy filter_username { (1) if (&User-Name) { (1) if (&User-Name) -> TRUE (1) if (&User-Name) { (1) if (&User-Name =~ / /) { (1) if (&User-Name =~ / /) -> FALSE (1) if (&User-Name =~ /@[^@]*@/ ) { (1) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (1) if (&User-Name =~ /\.\./ ) { (1) if (&User-Name =~ /\.\./ ) -> FALSE (1) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (1) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (1) if (&User-Name =~ /\.$/) { (1) if (&User-Name =~ /\.$/) -> FALSE (1) if (&User-Name =~ /@\./) { (1) if (&User-Name =~ /@\./) -> FALSE (1) } # if (&User-Name) = notfound (1) } # policy filter_username = notfound (1) [preprocess] = ok (1) [chap] = noop (1) [mschap] = noop (1) suffix: Checking for suffix after "@" (1) suffix: No '@' in User-Name = "chris.nzengue", looking up realm NULL (1) suffix: No such realm "NULL" (1) [suffix] = noop (1) eap: Peer sent EAP Response (code 2) ID 2 length 161 (1) eap: Continuing tunnel setup (1) [eap] = ok (1) } # authorize = ok (1) Found Auth-Type = eap (1) # Executing group from file /etc/freeradius/3.0/sites-enabled/default (1) authenticate { (1) eap: Expiring EAP session with state 0x3928d6d2392ac3c4 (1) eap: Finished EAP session with state 0x3928d6d2392ac3c4 (1) eap: Previous EAP request found for state 0x3928d6d2392ac3c4, released from the list (1) eap: Peer sent packet with method EAP TTLS (21) (1) eap: Calling submodule eap_ttls to process data (1) eap_ttls: Authenticate (1) eap_ttls: (TLS) EAP Peer says that the final record size will be 151 bytes (1) eap_ttls: (TLS) EAP Got all data (151 bytes) (1) eap_ttls: (TLS) Handshake state - before SSL initialization (1) eap_ttls: (TLS) Handshake state - Server before SSL initialization (1) eap_ttls: (TLS) Handshake state - Server before SSL initialization (1) eap_ttls: (TLS) recv TLS 1.3 Handshake, ClientHello (1) eap_ttls: (TLS) Handshake state - Server SSLv3/TLS read client hello (1) eap_ttls: (TLS) send TLS 1.2 Handshake, ServerHello (1) eap_ttls: (TLS) Handshake state - Server SSLv3/TLS write server hello (1) eap_ttls: (TLS) send TLS 1.2 Handshake, Certificate (1) eap_ttls: (TLS) Handshake state - Server SSLv3/TLS write certificate (1) eap_ttls: (TLS) send TLS 1.2 Handshake, ServerKeyExchange (1) eap_ttls: (TLS) Handshake state - Server SSLv3/TLS write key exchange (1) eap_ttls: (TLS) send TLS 1.2 Handshake, ServerHelloDone (1) eap_ttls: (TLS) Handshake state - Server SSLv3/TLS write server done (1) eap_ttls: (TLS) Server : Need to read more data: SSLv3/TLS write server done (1) eap_ttls: (TLS) In Handshake Phase (1) eap: Sending EAP Request (code 1) ID 3 length 1004 (1) eap: EAP session adding &reply:State = 0x3928d6d2382bc3c4 (1) [eap] = handled (1) } # authenticate = handled (1) Using Post-Auth-Type Challenge (1) # Executing group from file /etc/freeradius/3.0/sites-enabled/default (1) Challenge { ... } # empty sub-section is ignored (1) session-state: Saving cached attributes (1) Framed-MTU = 994 (1) TLS-Session-Information = "(TLS) recv TLS 1.3 Handshake, ClientHello" (1) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHello" (1) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, Certificate" (1) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerKeyExchange" (1) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHelloDone" (1) Sent Access-Challenge Id 61 from 192.168.10.124:1812 to 192.168.200.20:51098 length 1068 (1) EAP-Message = 0x010303ec15c0000004b1160303003d0200003903032f11de33c426afb2d9497c86e2a911e6b439474f3cb137da7395b16ee2b50b6f00c030000011ff01000100000b00040300010200170000160303030f0b00030b00030800030530820301308201e9a00302010202140ea85d3ec7ee7aec904f3547480a14d73c892031300d06092a864886f70d01010b050030173115301306035504030c0c726164697573736572766572301e170d3232313131363134303934355a170d3332313131333134303934355a30173115301306035504030c0c72616469757373657276657230820122300d06092a864886f70d01010105000382010f003082010a0282010100adda610f374fc54e2949f1d9a7ba9ad8abf1c24a9773f9ab5fa50b43fefd07a7c61da781fd53b4277cdbe46b9964548a4125a313d4d3df6ee6593fe9dba778843c02dfa1ebceeaf17370dd8604a60085efa9d7b78b0ad571a378b30074bbabef337174fdef87ab30482289f75f3661d0b972299e9aefab (1) Message-Authenticator = 0x00000000000000000000000000000000 (1) State = 0x3928d6d2382bc3c470d72d9dc025396c (1) Finished request Waking up in 4.9 seconds. (2) Received Access-Request Id 62 from 192.168.200.20:51098 to 192.168.10.124:1812 length 275 (2) User-Name = "chris.nzengue" (2) Chargeable-User-Identity = 0x14 (2) Location-Capable = Civic-Location (2) Calling-Station-Id = "98-5a-eb-8e-1c-5c" (2) Called-Station-Id = "00-fc-ba-e1-8f-a0:radius_test" (2) NAS-Port = 1 (2) Cisco-AVPair = "audit-session-id=14c8a8c000008a27065f0f64" (2) Acct-Session-Id = "640f5efa/98:5a:eb:8e:1c:5c/36015" (2) NAS-IP-Address = 192.168.200.20 (2) NAS-Identifier = "Dejamobile" (2) Airespace-Wlan-Id = 1 (2) Service-Type = Framed-User (2) Framed-MTU = 1300 (2) NAS-Port-Type = Wireless-802.11 (2) EAP-Message = 0x020300061500 (2) State = 0x3928d6d2382bc3c470d72d9dc025396c (2) Message-Authenticator = 0xf72e4e265499850d5d6421aded843c88 (2) Restoring &session-state (2) &session-state:Framed-MTU = 994 (2) &session-state:TLS-Session-Information = "(TLS) recv TLS 1.3 Handshake, ClientHello" (2) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHello" (2) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, Certificate" (2) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerKeyExchange" (2) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHelloDone" (2) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default (2) authorize { (2) policy filter_username { (2) if (&User-Name) { (2) if (&User-Name) -> TRUE (2) if (&User-Name) { (2) if (&User-Name =~ / /) { (2) if (&User-Name =~ / /) -> FALSE (2) if (&User-Name =~ /@[^@]*@/ ) { (2) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (2) if (&User-Name =~ /\.\./ ) { (2) if (&User-Name =~ /\.\./ ) -> FALSE (2) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (2) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (2) if (&User-Name =~ /\.$/) { (2) if (&User-Name =~ /\.$/) -> FALSE (2) if (&User-Name =~ /@\./) { (2) if (&User-Name =~ /@\./) -> FALSE (2) } # if (&User-Name) = notfound (2) } # policy filter_username = notfound (2) [preprocess] = ok (2) [chap] = noop (2) [mschap] = noop (2) suffix: Checking for suffix after "@" (2) suffix: No '@' in User-Name = "chris.nzengue", looking up realm NULL (2) suffix: No such realm "NULL" (2) [suffix] = noop (2) eap: Peer sent EAP Response (code 2) ID 3 length 6 (2) eap: Continuing tunnel setup (2) [eap] = ok (2) } # authorize = ok (2) Found Auth-Type = eap (2) # Executing group from file /etc/freeradius/3.0/sites-enabled/default (2) authenticate { (2) eap: Expiring EAP session with state 0x3928d6d2382bc3c4 (2) eap: Finished EAP session with state 0x3928d6d2382bc3c4 (2) eap: Previous EAP request found for state 0x3928d6d2382bc3c4, released from the list (2) eap: Peer sent packet with method EAP TTLS (21) (2) eap: Calling submodule eap_ttls to process data (2) eap_ttls: Authenticate (2) eap_ttls: (TLS) Peer ACKed our handshake fragment (2) eap: Sending EAP Request (code 1) ID 4 length 217 (2) eap: EAP session adding &reply:State = 0x3928d6d23b2cc3c4 (2) [eap] = handled (2) } # authenticate = handled (2) Using Post-Auth-Type Challenge (2) # Executing group from file /etc/freeradius/3.0/sites-enabled/default (2) Challenge { ... } # empty sub-section is ignored (2) session-state: Saving cached attributes (2) Framed-MTU = 994 (2) TLS-Session-Information = "(TLS) recv TLS 1.3 Handshake, ClientHello" (2) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHello" (2) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, Certificate" (2) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerKeyExchange" (2) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHelloDone" (2) Sent Access-Challenge Id 62 from 192.168.10.124:1812 to 192.168.200.20:51098 length 275 (2) EAP-Message = 0x010400d91580000004b1bf0b7836f57013f68d84f283d18386c495f55bf6aefb9ffe13fa9ec4dc7558c1d64614cbfe1b150c6c5557eca368492d9f0703e9df123c9afa1ad66d2270997a6d9dd2108d864e63548e04e8822559864fa2763023bff6c9482116a090880534024828465510f207f1e82753981e4edfe992d2e34946f371c7b4e9ff950bffe7921daf41e7b35adcd3ed7b38ef2beb6e6c5b5797a3d3e3dcdf5e5935cb22cbbb074171beac78ba5516e39b7028280ceb40c91e5f05209cd8114a47e7c216237261cfbde7bf6b16030300040e000000 (2) Message-Authenticator = 0x00000000000000000000000000000000 (2) State = 0x3928d6d23b2cc3c470d72d9dc025396c (2) Finished request Waking up in 4.9 seconds. (3) Received Access-Request Id 63 from 192.168.200.20:51098 to 192.168.10.124:1812 length 405 (3) User-Name = "chris.nzengue" (3) Chargeable-User-Identity = 0x14 (3) Location-Capable = Civic-Location (3) Calling-Station-Id = "98-5a-eb-8e-1c-5c" (3) Called-Station-Id = "00-fc-ba-e1-8f-a0:radius_test" (3) NAS-Port = 1 (3) Cisco-AVPair = "audit-session-id=14c8a8c000008a27065f0f64" (3) Acct-Session-Id = "640f5efa/98:5a:eb:8e:1c:5c/36015" (3) NAS-IP-Address = 192.168.200.20 (3) NAS-Identifier = "Dejamobile" (3) Airespace-Wlan-Id = 1 (3) Service-Type = Framed-User (3) Framed-MTU = 1300 (3) NAS-Port-Type = Wireless-802.11 (3) EAP-Message = 0x0204008815800000007e1603030046100000424104533ca32d47edc703e275388f1effbc8eb436405d6aa3738351c3fba56c00973994a438ee6f424fb5509e7f5f9941b6eeec7e1df3979458f10c6214296159cf5914030300010116030300287faf547f2d6fb7d3c55e5be7259a0f1cd3caafd860197082b595fe088774085dc4325485792a77bb (3) State = 0x3928d6d23b2cc3c470d72d9dc025396c (3) Message-Authenticator = 0x79689f3375c63ab53647785b94456026 (3) Restoring &session-state (3) &session-state:Framed-MTU = 994 (3) &session-state:TLS-Session-Information = "(TLS) recv TLS 1.3 Handshake, ClientHello" (3) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHello" (3) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, Certificate" (3) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerKeyExchange" (3) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHelloDone" (3) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default (3) authorize { (3) policy filter_username { (3) if (&User-Name) { (3) if (&User-Name) -> TRUE (3) if (&User-Name) { (3) if (&User-Name =~ / /) { (3) if (&User-Name =~ / /) -> FALSE (3) if (&User-Name =~ /@[^@]*@/ ) { (3) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (3) if (&User-Name =~ /\.\./ ) { (3) if (&User-Name =~ /\.\./ ) -> FALSE (3) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (3) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (3) if (&User-Name =~ /\.$/) { (3) if (&User-Name =~ /\.$/) -> FALSE (3) if (&User-Name =~ /@\./) { (3) if (&User-Name =~ /@\./) -> FALSE (3) } # if (&User-Name) = notfound (3) } # policy filter_username = notfound (3) [preprocess] = ok (3) [chap] = noop (3) [mschap] = noop (3) suffix: Checking for suffix after "@" (3) suffix: No '@' in User-Name = "chris.nzengue", looking up realm NULL (3) suffix: No such realm "NULL" (3) [suffix] = noop (3) eap: Peer sent EAP Response (code 2) ID 4 length 136 (3) eap: Continuing tunnel setup (3) [eap] = ok (3) } # authorize = ok (3) Found Auth-Type = eap (3) # Executing group from file /etc/freeradius/3.0/sites-enabled/default (3) authenticate { (3) eap: Expiring EAP session with state 0x3928d6d23b2cc3c4 (3) eap: Finished EAP session with state 0x3928d6d23b2cc3c4 (3) eap: Previous EAP request found for state 0x3928d6d23b2cc3c4, released from the list (3) eap: Peer sent packet with method EAP TTLS (21) (3) eap: Calling submodule eap_ttls to process data (3) eap_ttls: Authenticate (3) eap_ttls: (TLS) EAP Peer says that the final record size will be 126 bytes (3) eap_ttls: (TLS) EAP Got all data (126 bytes) (3) eap_ttls: (TLS) Handshake state - Server SSLv3/TLS write server done (3) eap_ttls: (TLS) recv TLS 1.2 Handshake, ClientKeyExchange (3) eap_ttls: (TLS) Handshake state - Server SSLv3/TLS read client key exchange (3) eap_ttls: (TLS) Handshake state - Server SSLv3/TLS read change cipher spec (3) eap_ttls: (TLS) recv TLS 1.2 Handshake, Finished (3) eap_ttls: (TLS) Handshake state - Server SSLv3/TLS read finished (3) eap_ttls: (TLS) send TLS 1.2 ChangeCipherSpec (3) eap_ttls: (TLS) Handshake state - Server SSLv3/TLS write change cipher spec (3) eap_ttls: (TLS) send TLS 1.2 Handshake, Finished (3) eap_ttls: (TLS) Handshake state - Server SSLv3/TLS write finished (3) eap_ttls: (TLS) Handshake state - SSL negotiation finished successfully (3) eap_ttls: (TLS) Connection Established (3) eap_ttls: TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384" (3) eap_ttls: TLS-Session-Version = "TLS 1.2" (3) eap: Sending EAP Request (code 1) ID 5 length 61 (3) eap: EAP session adding &reply:State = 0x3928d6d23a2dc3c4 (3) [eap] = handled (3) } # authenticate = handled (3) Using Post-Auth-Type Challenge (3) # Executing group from file /etc/freeradius/3.0/sites-enabled/default (3) Challenge { ... } # empty sub-section is ignored (3) session-state: Saving cached attributes (3) Framed-MTU = 994 (3) TLS-Session-Information = "(TLS) recv TLS 1.3 Handshake, ClientHello" (3) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHello" (3) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, Certificate" (3) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerKeyExchange" (3) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHelloDone" (3) TLS-Session-Information = "(TLS) recv TLS 1.2 Handshake, ClientKeyExchange" (3) TLS-Session-Information = "(TLS) recv TLS 1.2 Handshake, Finished" (3) TLS-Session-Information = "(TLS) send TLS 1.2 ChangeCipherSpec" (3) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, Finished" (3) TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384" (3) TLS-Session-Version = "TLS 1.2" (3) Sent Access-Challenge Id 63 from 192.168.10.124:1812 to 192.168.200.20:51098 length 119 (3) EAP-Message = 0x0105003d158000000033140303000101160303002860d606d18ea71d16b3c68c4ae06da363a94b18bae53e6c81c1d6858d6f02f6d40be4b094449db2d7 (3) Message-Authenticator = 0x00000000000000000000000000000000 (3) State = 0x3928d6d23a2dc3c470d72d9dc025396c (3) Finished request Waking up in 4.9 seconds. (4) Received Access-Request Id 64 from 192.168.200.20:51098 to 192.168.10.124:1812 length 336 (4) User-Name = "chris.nzengue" (4) Chargeable-User-Identity = 0x14 (4) Location-Capable = Civic-Location (4) Calling-Station-Id = "98-5a-eb-8e-1c-5c" (4) Called-Station-Id = "00-fc-ba-e1-8f-a0:radius_test" (4) NAS-Port = 1 (4) Cisco-AVPair = "audit-session-id=14c8a8c000008a27065f0f64" (4) Acct-Session-Id = "640f5efa/98:5a:eb:8e:1c:5c/36015" (4) NAS-IP-Address = 192.168.200.20 (4) NAS-Identifier = "Dejamobile" (4) Airespace-Wlan-Id = 1 (4) Service-Type = Framed-User (4) Framed-MTU = 1300 (4) NAS-Port-Type = Wireless-802.11 (4) EAP-Message = 0x0205004315800000003917030300347faf547f2d6fb7d49a7c5eecbf2f091d6fa4b0d4f764f0d8b00b14a40df28858de23dccc5fcc4980690298cf1097a44b39977dcd (4) State = 0x3928d6d23a2dc3c470d72d9dc025396c (4) Message-Authenticator = 0x7231f57f1ffe824ddc3ef6e4618cda9b (4) Restoring &session-state (4) &session-state:Framed-MTU = 994 (4) &session-state:TLS-Session-Information = "(TLS) recv TLS 1.3 Handshake, ClientHello" (4) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHello" (4) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, Certificate" (4) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerKeyExchange" (4) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHelloDone" (4) &session-state:TLS-Session-Information = "(TLS) recv TLS 1.2 Handshake, ClientKeyExchange" (4) &session-state:TLS-Session-Information = "(TLS) recv TLS 1.2 Handshake, Finished" (4) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 ChangeCipherSpec" (4) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, Finished" (4) &session-state:TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384" (4) &session-state:TLS-Session-Version = "TLS 1.2" (4) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default (4) authorize { (4) policy filter_username { (4) if (&User-Name) { (4) if (&User-Name) -> TRUE (4) if (&User-Name) { (4) if (&User-Name =~ / /) { (4) if (&User-Name =~ / /) -> FALSE (4) if (&User-Name =~ /@[^@]*@/ ) { (4) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (4) if (&User-Name =~ /\.\./ ) { (4) if (&User-Name =~ /\.\./ ) -> FALSE (4) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (4) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (4) if (&User-Name =~ /\.$/) { (4) if (&User-Name =~ /\.$/) -> FALSE (4) if (&User-Name =~ /@\./) { (4) if (&User-Name =~ /@\./) -> FALSE (4) } # if (&User-Name) = notfound (4) } # policy filter_username = notfound (4) [preprocess] = ok (4) [chap] = noop (4) [mschap] = noop (4) suffix: Checking for suffix after "@" (4) suffix: No '@' in User-Name = "chris.nzengue", looking up realm NULL (4) suffix: No such realm "NULL" (4) [suffix] = noop (4) eap: Peer sent EAP Response (code 2) ID 5 length 67 (4) eap: Continuing tunnel setup (4) [eap] = ok (4) } # authorize = ok (4) Found Auth-Type = eap (4) # Executing group from file /etc/freeradius/3.0/sites-enabled/default (4) authenticate { (4) eap: Expiring EAP session with state 0x3928d6d23a2dc3c4 (4) eap: Finished EAP session with state 0x3928d6d23a2dc3c4 (4) eap: Previous EAP request found for state 0x3928d6d23a2dc3c4, released from the list (4) eap: Peer sent packet with method EAP TTLS (21) (4) eap: Calling submodule eap_ttls to process data (4) eap_ttls: Authenticate (4) eap_ttls: (TLS) EAP Peer says that the final record size will be 57 bytes (4) eap_ttls: (TLS) EAP Got all data (57 bytes) (4) eap_ttls: Session established. Proceeding to decode tunneled attributes (4) eap_ttls: Got tunneled request (4) eap_ttls: EAP-Message = 0x020000120163687269732e6e7a656e677565 (4) eap_ttls: FreeRADIUS-Proxied-To = 127.0.0.1 (4) eap_ttls: Got tunneled identity of chris.nzengue (4) eap_ttls: Setting default EAP type for tunneled EAP session (4) eap_ttls: Sending tunneled request (4) Virtual server inner-tunnel received request (4) EAP-Message = 0x020000120163687269732e6e7a656e677565 (4) FreeRADIUS-Proxied-To = 127.0.0.1 (4) User-Name = "chris.nzengue" (4) WARNING: Outer and inner identities are the same. User privacy is compromised. (4) server inner-tunnel { (4) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/inner-tunnel (4) authorize { (4) policy filter_username { (4) if (&User-Name) { (4) if (&User-Name) -> TRUE (4) if (&User-Name) { (4) if (&User-Name =~ / /) { (4) if (&User-Name =~ / /) -> FALSE (4) if (&User-Name =~ /@[^@]*@/ ) { (4) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (4) if (&User-Name =~ /\.\./ ) { (4) if (&User-Name =~ /\.\./ ) -> FALSE (4) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (4) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (4) if (&User-Name =~ /\.$/) { (4) if (&User-Name =~ /\.$/) -> FALSE (4) if (&User-Name =~ /@\./) { (4) if (&User-Name =~ /@\./) -> FALSE (4) } # if (&User-Name) = notfound (4) } # policy filter_username = notfound (4) [chap] = noop (4) [mschap] = noop (4) suffix: Checking for suffix after "@" (4) suffix: No '@' in User-Name = "chris.nzengue", looking up realm NULL (4) suffix: No such realm "NULL" (4) [suffix] = noop (4) update control { (4) &Proxy-To-Realm := LOCAL (4) } # update control = noop (4) eap: Peer sent EAP Response (code 2) ID 0 length 18 (4) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize (4) [eap] = ok (4) } # authorize = ok (4) Found Auth-Type = eap (4) # Executing group from file /etc/freeradius/3.0/sites-enabled/inner-tunnel (4) authenticate { (4) eap: Peer sent packet with method EAP Identity (1) (4) eap: Calling submodule eap_md5 to process data (4) eap_md5: Issuing MD5 Challenge (4) eap: Sending EAP Request (code 1) ID 1 length 22 (4) eap: EAP session adding &reply:State = 0x106ef3d5106ff7e6 (4) [eap] = handled (4) } # authenticate = handled (4) } # server inner-tunnel (4) Virtual server sending reply (4) EAP-Message = 0x010100160410a7b40954aa2a2708b16d9fcb7ef44fc8 (4) Message-Authenticator = 0x00000000000000000000000000000000 (4) State = 0x106ef3d5106ff7e6264667ace5f7b4d2 (4) eap_ttls: Got tunneled Access-Challenge (4) eap: Sending EAP Request (code 1) ID 6 length 71 (4) eap: EAP session adding &reply:State = 0x3928d6d23d2ec3c4 (4) [eap] = handled (4) } # authenticate = handled (4) Using Post-Auth-Type Challenge (4) # Executing group from file /etc/freeradius/3.0/sites-enabled/default (4) Challenge { ... } # empty sub-section is ignored (4) session-state: Saving cached attributes (4) Framed-MTU = 994 (4) TLS-Session-Information = "(TLS) recv TLS 1.3 Handshake, ClientHello" (4) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHello" (4) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, Certificate" (4) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerKeyExchange" (4) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHelloDone" (4) TLS-Session-Information = "(TLS) recv TLS 1.2 Handshake, ClientKeyExchange" (4) TLS-Session-Information = "(TLS) recv TLS 1.2 Handshake, Finished" (4) TLS-Session-Information = "(TLS) send TLS 1.2 ChangeCipherSpec" (4) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, Finished" (4) TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384" (4) TLS-Session-Version = "TLS 1.2" (4) Sent Access-Challenge Id 64 from 192.168.10.124:1812 to 192.168.200.20:51098 length 129 (4) EAP-Message = 0x0106004715800000003d170303003860d606d18ea71d17d954a1cc464eeb9c3042d45f159a59b49ae258e5511653994c15478a525d0883f7bf3a4cbf95ab1215fe9b9d3a4dbcd3 (4) Message-Authenticator = 0x00000000000000000000000000000000 (4) State = 0x3928d6d23d2ec3c470d72d9dc025396c (4) Finished request Waking up in 4.9 seconds. (5) Received Access-Request Id 65 from 192.168.200.20:51098 to 192.168.10.124:1812 length 352 (5) User-Name = "chris.nzengue" (5) Chargeable-User-Identity = 0x14 (5) Location-Capable = Civic-Location (5) Calling-Station-Id = "98-5a-eb-8e-1c-5c" (5) Called-Station-Id = "00-fc-ba-e1-8f-a0:radius_test" (5) NAS-Port = 1 (5) Cisco-AVPair = "audit-session-id=14c8a8c000008a27065f0f64" (5) Acct-Session-Id = "640f5efa/98:5a:eb:8e:1c:5c/36015" (5) NAS-IP-Address = 192.168.200.20 (5) NAS-Identifier = "Dejamobile" (5) Airespace-Wlan-Id = 1 (5) Service-Type = Framed-User (5) Framed-MTU = 1300 (5) NAS-Port-Type = Wireless-802.11 (5) EAP-Message = 0x0206005315800000004917030300447faf547f2d6fb7d5abcaaf1c210b8e0187dbcb790c3e36ba59060260fad4e263465a94afa3ccef5d7e76f84d6f46d3d30998f3c80c52a22e54de4e5c2a807294a4aca3db (5) State = 0x3928d6d23d2ec3c470d72d9dc025396c (5) Message-Authenticator = 0xa69f949d8589b0539d6e70fbcc826bc6 (5) Restoring &session-state (5) &session-state:Framed-MTU = 994 (5) &session-state:TLS-Session-Information = "(TLS) recv TLS 1.3 Handshake, ClientHello" (5) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHello" (5) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, Certificate" (5) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerKeyExchange" (5) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHelloDone" (5) &session-state:TLS-Session-Information = "(TLS) recv TLS 1.2 Handshake, ClientKeyExchange" (5) &session-state:TLS-Session-Information = "(TLS) recv TLS 1.2 Handshake, Finished" (5) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 ChangeCipherSpec" (5) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, Finished" (5) &session-state:TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384" (5) &session-state:TLS-Session-Version = "TLS 1.2" (5) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default (5) authorize { (5) policy filter_username { (5) if (&User-Name) { (5) if (&User-Name) -> TRUE (5) if (&User-Name) { (5) if (&User-Name =~ / /) { (5) if (&User-Name =~ / /) -> FALSE (5) if (&User-Name =~ /@[^@]*@/ ) { (5) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (5) if (&User-Name =~ /\.\./ ) { (5) if (&User-Name =~ /\.\./ ) -> FALSE (5) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (5) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (5) if (&User-Name =~ /\.$/) { (5) if (&User-Name =~ /\.$/) -> FALSE (5) if (&User-Name =~ /@\./) { (5) if (&User-Name =~ /@\./) -> FALSE (5) } # if (&User-Name) = notfound (5) } # policy filter_username = notfound (5) [preprocess] = ok (5) [chap] = noop (5) [mschap] = noop (5) suffix: Checking for suffix after "@" (5) suffix: No '@' in User-Name = "chris.nzengue", looking up realm NULL (5) suffix: No such realm "NULL" (5) [suffix] = noop (5) eap: Peer sent EAP Response (code 2) ID 6 length 83 (5) eap: Continuing tunnel setup (5) [eap] = ok (5) } # authorize = ok (5) Found Auth-Type = eap (5) # Executing group from file /etc/freeradius/3.0/sites-enabled/default (5) authenticate { (5) eap: Expiring EAP session with state 0x106ef3d5106ff7e6 (5) eap: Finished EAP session with state 0x3928d6d23d2ec3c4 (5) eap: Previous EAP request found for state 0x3928d6d23d2ec3c4, released from the list (5) eap: Peer sent packet with method EAP TTLS (21) (5) eap: Calling submodule eap_ttls to process data (5) eap_ttls: Authenticate (5) eap_ttls: (TLS) EAP Peer says that the final record size will be 73 bytes (5) eap_ttls: (TLS) EAP Got all data (73 bytes) (5) eap_ttls: Session established. Proceeding to decode tunneled attributes (5) eap_ttls: Got tunneled request (5) eap_ttls: EAP-Message = 0x020100230410400fe50041a6197c7046c3839f170c2e63687269732e6e7a656e677565 (5) eap_ttls: FreeRADIUS-Proxied-To = 127.0.0.1 (5) eap_ttls: Sending tunneled request (5) Virtual server inner-tunnel received request (5) EAP-Message = 0x020100230410400fe50041a6197c7046c3839f170c2e63687269732e6e7a656e677565 (5) FreeRADIUS-Proxied-To = 127.0.0.1 (5) User-Name = "chris.nzengue" (5) State = 0x106ef3d5106ff7e6264667ace5f7b4d2 (5) WARNING: Outer and inner identities are the same. User privacy is compromised. (5) server inner-tunnel { (5) session-state: No cached attributes (5) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/inner-tunnel (5) authorize { (5) policy filter_username { (5) if (&User-Name) { (5) if (&User-Name) -> TRUE (5) if (&User-Name) { (5) if (&User-Name =~ / /) { (5) if (&User-Name =~ / /) -> FALSE (5) if (&User-Name =~ /@[^@]*@/ ) { (5) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (5) if (&User-Name =~ /\.\./ ) { (5) if (&User-Name =~ /\.\./ ) -> FALSE (5) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (5) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (5) if (&User-Name =~ /\.$/) { (5) if (&User-Name =~ /\.$/) -> FALSE (5) if (&User-Name =~ /@\./) { (5) if (&User-Name =~ /@\./) -> FALSE (5) } # if (&User-Name) = notfound (5) } # policy filter_username = notfound (5) [chap] = noop (5) [mschap] = noop (5) suffix: Checking for suffix after "@" (5) suffix: No '@' in User-Name = "chris.nzengue", looking up realm NULL (5) suffix: No such realm "NULL" (5) [suffix] = noop (5) update control { (5) &Proxy-To-Realm := LOCAL (5) } # update control = noop (5) eap: Peer sent EAP Response (code 2) ID 1 length 35 (5) eap: No EAP Start, assuming it's an on-going EAP conversation (5) [eap] = updated (5) files: Searching for user in group "AADDC Users" rlm_ldap (ldap): Reserved connection (0) (5) files: EXPAND (&(objectClass=user)(sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}})) (5) files: --> (&(objectClass=user)(sAMAccountName=chris.nzengue)) (5) files: Performing search in "ou=AADDC Users,dc=dejamobile,dc=com" with filter "(&(objectClass=user)(sAMAccountName=chris.nzengue))", scope "sub" (5) files: Waiting for search result... (5) files: User object found at DN "CN=Chris Nzengue - dejamobile externe,OU=AADDC Users,DC=dejamobile,DC=com" (5) files: Checking user object's memberOf attributes (5) files: Performing unfiltered search in "CN=Chris Nzengue - dejamobile externe,OU=AADDC Users,DC=dejamobile,DC=com", scope "base" (5) files: Waiting for search result... (5) files: Processing memberOf value "CN=SSL_VPN_SSO,OU=AADDC Users,DC=dejamobile,DC=com" as a DN (5) files: Resolving group DN "CN=SSL_VPN_SSO,OU=AADDC Users,DC=dejamobile,DC=com" to group name (5) files: Performing unfiltered search in "CN=SSL_VPN_SSO,OU=AADDC Users,DC=dejamobile,DC=com", scope "base" (5) files: Waiting for search result... (5) files: Group DN "CN=SSL_VPN_SSO,OU=AADDC Users,DC=dejamobile,DC=com" resolves to name "SSL_VPN_SSO" (5) files: Processing memberOf value "CN=DejaTeam,OU=AADDC Users,DC=dejamobile,DC=com" as a DN (5) files: Resolving group DN "CN=DejaTeam,OU=AADDC Users,DC=dejamobile,DC=com" to group name (5) files: Performing unfiltered search in "CN=DejaTeam,OU=AADDC Users,DC=dejamobile,DC=com", scope "base" (5) files: Waiting for search result... (5) files: Group DN "CN=DejaTeam,OU=AADDC Users,DC=dejamobile,DC=com" resolves to name "DejaTeam" (5) files: Processing memberOf value "CN=deja-developpeur,OU=AADDC Users,DC=dejamobile,DC=com" as a DN (5) files: Resolving group DN "CN=deja-developpeur,OU=AADDC Users,DC=dejamobile,DC=com" to group name (5) files: Performing unfiltered search in "CN=deja-developpeur,OU=AADDC Users,DC=dejamobile,DC=com", scope "base" (5) files: Waiting for search result... (5) files: Group DN "CN=deja-developpeur,OU=AADDC Users,DC=dejamobile,DC=com" resolves to name "deja-developpeur" rlm_ldap (ldap): Released connection (0) Need more connections to reach 10 spares rlm_ldap (ldap): Opening additional connection (5), 1 of 27 pending slots used rlm_ldap (ldap): Connecting to ldaps://aadds.dejamobile.com:636 rlm_ldap (ldap): Waiting for bind result... rlm_ldap (ldap): Bind successful (5) files: User is not a member of "AADDC Users" (5) [files] = noop rlm_ldap (ldap): Reserved connection (1) (5) ldap: EXPAND (&(objectClass=user)(sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}})) (5) ldap: --> (&(objectClass=user)(sAMAccountName=chris.nzengue)) (5) ldap: Performing search in "ou=AADDC Users,dc=dejamobile,dc=com" with filter "(&(objectClass=user)(sAMAccountName=chris.nzengue))", scope "sub" (5) ldap: Waiting for search result... (5) ldap: User object found at DN "CN=Chris Nzengue - dejamobile externe,OU=AADDC Users,DC=dejamobile,DC=com" (5) ldap: Processing user attributes (5) ldap: WARNING: No "known good" password added. Ensure the admin user has permission to read the password attribute (5) ldap: WARNING: PAP authentication will *NOT* work with Active Directory (if that is what you were trying to configure) rlm_ldap (ldap): Released connection (1) (5) [ldap] = ok (5) [expiration] = noop (5) [logintime] = noop (5) [pap] = noop (5) } # authorize = updated (5) Found Auth-Type = eap (5) # Executing group from file /etc/freeradius/3.0/sites-enabled/inner-tunnel (5) authenticate { (5) eap: Expiring EAP session with state 0x106ef3d5106ff7e6 (5) eap: Finished EAP session with state 0x106ef3d5106ff7e6 (5) eap: Previous EAP request found for state 0x106ef3d5106ff7e6, released from the list (5) eap: Peer sent packet with method EAP MD5 (4) (5) eap: Calling submodule eap_md5 to process data (5) eap_md5: ERROR: Cleartext-Password is required for EAP-MD5 authentication (5) eap: ERROR: Failed continuing EAP MD5 (4) session. EAP sub-module failed (5) eap: Sending EAP Failure (code 4) ID 1 length 4 (5) eap: Failed in EAP select (5) [eap] = invalid (5) } # authenticate = invalid (5) Failed to authenticate the user (5) Using Post-Auth-Type Reject (5) # Executing group from file /etc/freeradius/3.0/sites-enabled/inner-tunnel (5) Post-Auth-Type REJECT { (5) attr_filter.access_reject: EXPAND %{User-Name} (5) attr_filter.access_reject: --> chris.nzengue (5) attr_filter.access_reject: Matched entry DEFAULT at line 11 (5) [attr_filter.access_reject] = updated (5) update outer.session-state { (5) &Module-Failure-Message := &request:Module-Failure-Message -> 'eap_md5: Cleartext-Password is required for EAP-MD5 authentication' (5) } # update outer.session-state = noop (5) } # Post-Auth-Type REJECT = updated (5) } # server inner-tunnel (5) Virtual server sending reply (5) EAP-Message = 0x04010004 (5) Message-Authenticator = 0x00000000000000000000000000000000 (5) eap_ttls: Got tunneled Access-Reject (5) eap: ERROR: Failed continuing EAP TTLS (21) session. EAP sub-module failed (5) eap: Sending EAP Failure (code 4) ID 6 length 4 (5) eap: Failed in EAP select (5) [eap] = invalid (5) } # authenticate = invalid (5) Failed to authenticate the user (5) Using Post-Auth-Type Reject (5) # Executing group from file /etc/freeradius/3.0/sites-enabled/default (5) Post-Auth-Type REJECT { (5) attr_filter.access_reject: EXPAND %{User-Name} (5) attr_filter.access_reject: --> chris.nzengue (5) attr_filter.access_reject: Matched entry DEFAULT at line 11 (5) [attr_filter.access_reject] = updated (5) [eap] = noop (5) policy remove_reply_message_if_eap { (5) if (&reply:EAP-Message && &reply:Reply-Message) { (5) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE (5) else { (5) [noop] = noop (5) } # else = noop (5) } # policy remove_reply_message_if_eap = noop (5) } # Post-Auth-Type REJECT = updated (5) Delaying response for 1.000000 seconds Waking up in 0.1 seconds. Waking up in 0.8 seconds. (5) Sending delayed response (5) Sent Access-Reject Id 65 from 192.168.10.124:1812 to 192.168.200.20:51098 length 44 (5) EAP-Message = 0x04060004 (5) Message-Authenticator = 0x00000000000000000000000000000000 Waking up in 3.7 seconds. (0) Cleaning up request packet ID 60 with timestamp +22 due to cleanup_delay was reached (1) Cleaning up request packet ID 61 with timestamp +22 due to cleanup_delay was reached (2) Cleaning up request packet ID 62 with timestamp +22 due to cleanup_delay was reached (3) Cleaning up request packet ID 63 with timestamp +22 due to cleanup_delay was reached (4) Cleaning up request packet ID 64 with timestamp +22 due to cleanup_delay was reached Waking up in 0.2 seconds. (5) Cleaning up request packet ID 65 with timestamp +22 due to cleanup_delay was reached Ready to process requests (6) Received Access-Request Id 66 from 192.168.200.20:51098 to 192.168.10.124:1812 length 269 (6) User-Name = "chris.nzengue" (6) Chargeable-User-Identity = 0x14 (6) Location-Capable = Civic-Location (6) Calling-Station-Id = "98-5a-eb-8e-1c-5c" (6) Called-Station-Id = "00-fc-ba-e1-8f-a0:radius_test" (6) NAS-Port = 1 (6) Cisco-AVPair = "audit-session-id=14c8a8c000008a29505f0f64" (6) Acct-Session-Id = "640f5f48/98:5a:eb:8e:1c:5c/36017" (6) NAS-IP-Address = 192.168.200.20 (6) NAS-Identifier = "Dejamobile" (6) Airespace-Wlan-Id = 1 (6) Service-Type = Framed-User (6) Framed-MTU = 1300 (6) NAS-Port-Type = Wireless-802.11 (6) EAP-Message = 0x020100120163687269732e6e7a656e677565 (6) Message-Authenticator = 0x04716ca8efc66c87deb829afd564835e (6) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default (6) authorize { (6) policy filter_username { (6) if (&User-Name) { (6) if (&User-Name) -> TRUE (6) if (&User-Name) { (6) if (&User-Name =~ / /) { (6) if (&User-Name =~ / /) -> FALSE (6) if (&User-Name =~ /@[^@]*@/ ) { (6) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (6) if (&User-Name =~ /\.\./ ) { (6) if (&User-Name =~ /\.\./ ) -> FALSE (6) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (6) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (6) if (&User-Name =~ /\.$/) { (6) if (&User-Name =~ /\.$/) -> FALSE (6) if (&User-Name =~ /@\./) { (6) if (&User-Name =~ /@\./) -> FALSE (6) } # if (&User-Name) = notfound (6) } # policy filter_username = notfound (6) [preprocess] = ok (6) [chap] = noop (6) [mschap] = noop (6) suffix: Checking for suffix after "@" (6) suffix: No '@' in User-Name = "chris.nzengue", looking up realm NULL (6) suffix: No such realm "NULL" (6) [suffix] = noop (6) eap: Peer sent EAP Response (code 2) ID 1 length 18 (6) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize (6) [eap] = ok (6) } # authorize = ok (6) Found Auth-Type = eap (6) # Executing group from file /etc/freeradius/3.0/sites-enabled/default (6) authenticate { (6) eap: Peer sent packet with method EAP Identity (1) (6) eap: Calling submodule eap_ttls to process data (6) eap_ttls: (TLS) Initiating new session (6) eap: Sending EAP Request (code 1) ID 2 length 6 (6) eap: EAP session adding &reply:State = 0xb06a93a4b06886f8 (6) [eap] = handled (6) } # authenticate = handled (6) Using Post-Auth-Type Challenge (6) # Executing group from file /etc/freeradius/3.0/sites-enabled/default (6) Challenge { ... } # empty sub-section is ignored (6) session-state: Saving cached attributes (6) Framed-MTU = 994 (6) Sent Access-Challenge Id 66 from 192.168.10.124:1812 to 192.168.200.20:51098 length 64 (6) EAP-Message = 0x010200061520 (6) Message-Authenticator = 0x00000000000000000000000000000000 (6) State = 0xb06a93a4b06886f8af54277185111954 (6) Finished request Waking up in 4.9 seconds. (7) Received Access-Request Id 67 from 192.168.200.20:51098 to 192.168.10.124:1812 length 430 (7) User-Name = "chris.nzengue" (7) Chargeable-User-Identity = 0x14 (7) Location-Capable = Civic-Location (7) Calling-Station-Id = "98-5a-eb-8e-1c-5c" (7) Called-Station-Id = "00-fc-ba-e1-8f-a0:radius_test" (7) NAS-Port = 1 (7) Cisco-AVPair = "audit-session-id=14c8a8c000008a29505f0f64" (7) Acct-Session-Id = "640f5f48/98:5a:eb:8e:1c:5c/36017" (7) NAS-IP-Address = 192.168.200.20 (7) NAS-Identifier = "Dejamobile" (7) Airespace-Wlan-Id = 1 (7) Service-Type = Framed-User (7) Framed-MTU = 1300 (7) NAS-Port-Type = Wireless-802.11 (7) EAP-Message = 0x020200a115800000009716030100920100008e0303640f5f507ddda497f89309a6801f714fc625ee51897918a136b390ed62ba730300002c00ffc02cc02bc024c023c00ac009c008c030c02fc028c027c014c013c012009d009c003d003c0035002f000a01000039000a00080006001700180019000b00020100000d00120010040102010501060104030203050306030005000501000000000012000000170000 (7) State = 0xb06a93a4b06886f8af54277185111954 (7) Message-Authenticator = 0xc24227a2378efffbc3b1075a04b6469a (7) Restoring &session-state (7) &session-state:Framed-MTU = 994 (7) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default (7) authorize { (7) policy filter_username { (7) if (&User-Name) { (7) if (&User-Name) -> TRUE (7) if (&User-Name) { (7) if (&User-Name =~ / /) { (7) if (&User-Name =~ / /) -> FALSE (7) if (&User-Name =~ /@[^@]*@/ ) { (7) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (7) if (&User-Name =~ /\.\./ ) { (7) if (&User-Name =~ /\.\./ ) -> FALSE (7) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (7) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (7) if (&User-Name =~ /\.$/) { (7) if (&User-Name =~ /\.$/) -> FALSE (7) if (&User-Name =~ /@\./) { (7) if (&User-Name =~ /@\./) -> FALSE (7) } # if (&User-Name) = notfound (7) } # policy filter_username = notfound (7) [preprocess] = ok (7) [chap] = noop (7) [mschap] = noop (7) suffix: Checking for suffix after "@" (7) suffix: No '@' in User-Name = "chris.nzengue", looking up realm NULL (7) suffix: No such realm "NULL" (7) [suffix] = noop (7) eap: Peer sent EAP Response (code 2) ID 2 length 161 (7) eap: Continuing tunnel setup (7) [eap] = ok (7) } # authorize = ok (7) Found Auth-Type = eap (7) # Executing group from file /etc/freeradius/3.0/sites-enabled/default (7) authenticate { (7) eap: Expiring EAP session with state 0xb06a93a4b06886f8 (7) eap: Finished EAP session with state 0xb06a93a4b06886f8 (7) eap: Previous EAP request found for state 0xb06a93a4b06886f8, released from the list (7) eap: Peer sent packet with method EAP TTLS (21) (7) eap: Calling submodule eap_ttls to process data (7) eap_ttls: Authenticate (7) eap_ttls: (TLS) EAP Peer says that the final record size will be 151 bytes (7) eap_ttls: (TLS) EAP Got all data (151 bytes) (7) eap_ttls: (TLS) Handshake state - before SSL initialization (7) eap_ttls: (TLS) Handshake state - Server before SSL initialization (7) eap_ttls: (TLS) Handshake state - Server before SSL initialization (7) eap_ttls: (TLS) recv TLS 1.3 Handshake, ClientHello (7) eap_ttls: (TLS) Handshake state - Server SSLv3/TLS read client hello (7) eap_ttls: (TLS) send TLS 1.2 Handshake, ServerHello (7) eap_ttls: (TLS) Handshake state - Server SSLv3/TLS write server hello (7) eap_ttls: (TLS) send TLS 1.2 Handshake, Certificate (7) eap_ttls: (TLS) Handshake state - Server SSLv3/TLS write certificate (7) eap_ttls: (TLS) send TLS 1.2 Handshake, ServerKeyExchange (7) eap_ttls: (TLS) Handshake state - Server SSLv3/TLS write key exchange (7) eap_ttls: (TLS) send TLS 1.2 Handshake, ServerHelloDone (7) eap_ttls: (TLS) Handshake state - Server SSLv3/TLS write server done (7) eap_ttls: (TLS) Server : Need to read more data: SSLv3/TLS write server done (7) eap_ttls: (TLS) In Handshake Phase (7) eap: Sending EAP Request (code 1) ID 3 length 1004 (7) eap: EAP session adding &reply:State = 0xb06a93a4b16986f8 (7) [eap] = handled (7) } # authenticate = handled (7) Using Post-Auth-Type Challenge (7) # Executing group from file /etc/freeradius/3.0/sites-enabled/default (7) Challenge { ... } # empty sub-section is ignored (7) session-state: Saving cached attributes (7) Framed-MTU = 994 (7) TLS-Session-Information = "(TLS) recv TLS 1.3 Handshake, ClientHello" (7) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHello" (7) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, Certificate" (7) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerKeyExchange" (7) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHelloDone" (7) Sent Access-Challenge Id 67 from 192.168.10.124:1812 to 192.168.200.20:51098 length 1068 (7) EAP-Message = 0x010303ec15c0000004b1160303003d020000390303026be732868da5ade139a288a53f8dac55c2b3e393564573fe037abee2d494cb00c030000011ff01000100000b00040300010200170000160303030f0b00030b00030800030530820301308201e9a00302010202140ea85d3ec7ee7aec904f3547480a14d73c892031300d06092a864886f70d01010b050030173115301306035504030c0c726164697573736572766572301e170d3232313131363134303934355a170d3332313131333134303934355a30173115301306035504030c0c72616469757373657276657230820122300d06092a864886f70d01010105000382010f003082010a0282010100adda610f374fc54e2949f1d9a7ba9ad8abf1c24a9773f9ab5fa50b43fefd07a7c61da781fd53b4277cdbe46b9964548a4125a313d4d3df6ee6593fe9dba778843c02dfa1ebceeaf17370dd8604a60085efa9d7b78b0ad571a378b30074bbabef337174fdef87ab30482289f75f3661d0b972299e9aefab (7) Message-Authenticator = 0x00000000000000000000000000000000 (7) State = 0xb06a93a4b16986f8af54277185111954 (7) Finished request Waking up in 4.9 seconds. (8) Received Access-Request Id 68 from 192.168.200.20:51098 to 192.168.10.124:1812 length 275 (8) User-Name = "chris.nzengue" (8) Chargeable-User-Identity = 0x14 (8) Location-Capable = Civic-Location (8) Calling-Station-Id = "98-5a-eb-8e-1c-5c" (8) Called-Station-Id = "00-fc-ba-e1-8f-a0:radius_test" (8) NAS-Port = 1 (8) Cisco-AVPair = "audit-session-id=14c8a8c000008a29505f0f64" (8) Acct-Session-Id = "640f5f48/98:5a:eb:8e:1c:5c/36017" (8) NAS-IP-Address = 192.168.200.20 (8) NAS-Identifier = "Dejamobile" (8) Airespace-Wlan-Id = 1 (8) Service-Type = Framed-User (8) Framed-MTU = 1300 (8) NAS-Port-Type = Wireless-802.11 (8) EAP-Message = 0x020300061500 (8) State = 0xb06a93a4b16986f8af54277185111954 (8) Message-Authenticator = 0x0aa15d8721da3796d573e74f7cb9d80a (8) Restoring &session-state (8) &session-state:Framed-MTU = 994 (8) &session-state:TLS-Session-Information = "(TLS) recv TLS 1.3 Handshake, ClientHello" (8) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHello" (8) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, Certificate" (8) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerKeyExchange" (8) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHelloDone" (8) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default (8) authorize { (8) policy filter_username { (8) if (&User-Name) { (8) if (&User-Name) -> TRUE (8) if (&User-Name) { (8) if (&User-Name =~ / /) { (8) if (&User-Name =~ / /) -> FALSE (8) if (&User-Name =~ /@[^@]*@/ ) { (8) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (8) if (&User-Name =~ /\.\./ ) { (8) if (&User-Name =~ /\.\./ ) -> FALSE (8) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (8) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (8) if (&User-Name =~ /\.$/) { (8) if (&User-Name =~ /\.$/) -> FALSE (8) if (&User-Name =~ /@\./) { (8) if (&User-Name =~ /@\./) -> FALSE (8) } # if (&User-Name) = notfound (8) } # policy filter_username = notfound (8) [preprocess] = ok (8) [chap] = noop (8) [mschap] = noop (8) suffix: Checking for suffix after "@" (8) suffix: No '@' in User-Name = "chris.nzengue", looking up realm NULL (8) suffix: No such realm "NULL" (8) [suffix] = noop (8) eap: Peer sent EAP Response (code 2) ID 3 length 6 (8) eap: Continuing tunnel setup (8) [eap] = ok (8) } # authorize = ok (8) Found Auth-Type = eap (8) # Executing group from file /etc/freeradius/3.0/sites-enabled/default (8) authenticate { (8) eap: Expiring EAP session with state 0xb06a93a4b16986f8 (8) eap: Finished EAP session with state 0xb06a93a4b16986f8 (8) eap: Previous EAP request found for state 0xb06a93a4b16986f8, released from the list (8) eap: Peer sent packet with method EAP TTLS (21) (8) eap: Calling submodule eap_ttls to process data (8) eap_ttls: Authenticate (8) eap_ttls: (TLS) Peer ACKed our handshake fragment (8) eap: Sending EAP Request (code 1) ID 4 length 217 (8) eap: EAP session adding &reply:State = 0xb06a93a4b26e86f8 (8) [eap] = handled (8) } # authenticate = handled (8) Using Post-Auth-Type Challenge (8) # Executing group from file /etc/freeradius/3.0/sites-enabled/default (8) Challenge { ... } # empty sub-section is ignored (8) session-state: Saving cached attributes (8) Framed-MTU = 994 (8) TLS-Session-Information = "(TLS) recv TLS 1.3 Handshake, ClientHello" (8) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHello" (8) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, Certificate" (8) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerKeyExchange" (8) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHelloDone" (8) Sent Access-Challenge Id 68 from 192.168.10.124:1812 to 192.168.200.20:51098 length 275 (8) EAP-Message = 0x010400d91580000004b10097f501404446d75765f353e00ba11a38c9d8b03b8130c97ab3f461a973c837c7278ca05260132dc7ffc2d9c69d6278f4caec292bbf3aff547982a6b646b89840697c34aea050230143a6f341d6e4f77d711e272bc2e5ba7f44ea03b6b7c479aa6c67a5be51d58da3f67d07e01d59ca0f334c88390e756a0c203664a2f49a9669863b039ae7aa5358457baf93418877a8fabc3f4441c6453431c6d573e831809067d2470dcbfa6812a24a9e445579080900d3582d14ad2eb69fcbadfae89ee4884679ac77d716030300040e000000 (8) Message-Authenticator = 0x00000000000000000000000000000000 (8) State = 0xb06a93a4b26e86f8af54277185111954 (8) Finished request Waking up in 4.9 seconds. (9) Received Access-Request Id 69 from 192.168.200.20:51098 to 192.168.10.124:1812 length 405 (9) User-Name = "chris.nzengue" (9) Chargeable-User-Identity = 0x14 (9) Location-Capable = Civic-Location (9) Calling-Station-Id = "98-5a-eb-8e-1c-5c" (9) Called-Station-Id = "00-fc-ba-e1-8f-a0:radius_test" (9) NAS-Port = 1 (9) Cisco-AVPair = "audit-session-id=14c8a8c000008a29505f0f64" (9) Acct-Session-Id = "640f5f48/98:5a:eb:8e:1c:5c/36017" (9) NAS-IP-Address = 192.168.200.20 (9) NAS-Identifier = "Dejamobile" (9) Airespace-Wlan-Id = 1 (9) Service-Type = Framed-User (9) Framed-MTU = 1300 (9) NAS-Port-Type = Wireless-802.11 (9) EAP-Message = 0x0204008815800000007e1603030046100000424104bcb05e9ba5ebc01969e6451ca2dd8ad3047d264fb49a0aaae1334245f3ee007cd0571e406182d4db73c00ef12beaecdfeeed8ba828f08f1da11b3823a09027061403030001011603030028055c825a7cda76658bf919b822b00a85ba2962186168f0200f034e6a59d44623e1dcb6961e119655 (9) State = 0xb06a93a4b26e86f8af54277185111954 (9) Message-Authenticator = 0xd05333313b7f97d9f662c7176758ee93 (9) Restoring &session-state (9) &session-state:Framed-MTU = 994 (9) &session-state:TLS-Session-Information = "(TLS) recv TLS 1.3 Handshake, ClientHello" (9) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHello" (9) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, Certificate" (9) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerKeyExchange" (9) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHelloDone" (9) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default (9) authorize { (9) policy filter_username { (9) if (&User-Name) { (9) if (&User-Name) -> TRUE (9) if (&User-Name) { (9) if (&User-Name =~ / /) { (9) if (&User-Name =~ / /) -> FALSE (9) if (&User-Name =~ /@[^@]*@/ ) { (9) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (9) if (&User-Name =~ /\.\./ ) { (9) if (&User-Name =~ /\.\./ ) -> FALSE (9) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (9) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (9) if (&User-Name =~ /\.$/) { (9) if (&User-Name =~ /\.$/) -> FALSE (9) if (&User-Name =~ /@\./) { (9) if (&User-Name =~ /@\./) -> FALSE (9) } # if (&User-Name) = notfound (9) } # policy filter_username = notfound (9) [preprocess] = ok (9) [chap] = noop (9) [mschap] = noop (9) suffix: Checking for suffix after "@" (9) suffix: No '@' in User-Name = "chris.nzengue", looking up realm NULL (9) suffix: No such realm "NULL" (9) [suffix] = noop (9) eap: Peer sent EAP Response (code 2) ID 4 length 136 (9) eap: Continuing tunnel setup (9) [eap] = ok (9) } # authorize = ok (9) Found Auth-Type = eap (9) # Executing group from file /etc/freeradius/3.0/sites-enabled/default (9) authenticate { (9) eap: Expiring EAP session with state 0xb06a93a4b26e86f8 (9) eap: Finished EAP session with state 0xb06a93a4b26e86f8 (9) eap: Previous EAP request found for state 0xb06a93a4b26e86f8, released from the list (9) eap: Peer sent packet with method EAP TTLS (21) (9) eap: Calling submodule eap_ttls to process data (9) eap_ttls: Authenticate (9) eap_ttls: (TLS) EAP Peer says that the final record size will be 126 bytes (9) eap_ttls: (TLS) EAP Got all data (126 bytes) (9) eap_ttls: (TLS) Handshake state - Server SSLv3/TLS write server done (9) eap_ttls: (TLS) recv TLS 1.2 Handshake, ClientKeyExchange (9) eap_ttls: (TLS) Handshake state - Server SSLv3/TLS read client key exchange (9) eap_ttls: (TLS) Handshake state - Server SSLv3/TLS read change cipher spec (9) eap_ttls: (TLS) recv TLS 1.2 Handshake, Finished (9) eap_ttls: (TLS) Handshake state - Server SSLv3/TLS read finished (9) eap_ttls: (TLS) send TLS 1.2 ChangeCipherSpec (9) eap_ttls: (TLS) Handshake state - Server SSLv3/TLS write change cipher spec (9) eap_ttls: (TLS) send TLS 1.2 Handshake, Finished (9) eap_ttls: (TLS) Handshake state - Server SSLv3/TLS write finished (9) eap_ttls: (TLS) Handshake state - SSL negotiation finished successfully (9) eap_ttls: (TLS) Connection Established (9) eap_ttls: TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384" (9) eap_ttls: TLS-Session-Version = "TLS 1.2" (9) eap: Sending EAP Request (code 1) ID 5 length 61 (9) eap: EAP session adding &reply:State = 0xb06a93a4b36f86f8 (9) [eap] = handled (9) } # authenticate = handled (9) Using Post-Auth-Type Challenge (9) # Executing group from file /etc/freeradius/3.0/sites-enabled/default (9) Challenge { ... } # empty sub-section is ignored (9) session-state: Saving cached attributes (9) Framed-MTU = 994 (9) TLS-Session-Information = "(TLS) recv TLS 1.3 Handshake, ClientHello" (9) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHello" (9) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, Certificate" (9) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerKeyExchange" (9) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHelloDone" (9) TLS-Session-Information = "(TLS) recv TLS 1.2 Handshake, ClientKeyExchange" (9) TLS-Session-Information = "(TLS) recv TLS 1.2 Handshake, Finished" (9) TLS-Session-Information = "(TLS) send TLS 1.2 ChangeCipherSpec" (9) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, Finished" (9) TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384" (9) TLS-Session-Version = "TLS 1.2" (9) Sent Access-Challenge Id 69 from 192.168.10.124:1812 to 192.168.200.20:51098 length 119 (9) EAP-Message = 0x0105003d1580000000331403030001011603030028d24fc42abd6c93595bca05ae4f609d15cc9e9d1390c6ebadf69d8306c02f665f730329bbc16fba9b (9) Message-Authenticator = 0x00000000000000000000000000000000 (9) State = 0xb06a93a4b36f86f8af54277185111954 (9) Finished request Waking up in 4.9 seconds. (10) Received Access-Request Id 70 from 192.168.200.20:51098 to 192.168.10.124:1812 length 336 (10) User-Name = "chris.nzengue" (10) Chargeable-User-Identity = 0x14 (10) Location-Capable = Civic-Location (10) Calling-Station-Id = "98-5a-eb-8e-1c-5c" (10) Called-Station-Id = "00-fc-ba-e1-8f-a0:radius_test" (10) NAS-Port = 1 (10) Cisco-AVPair = "audit-session-id=14c8a8c000008a29505f0f64" (10) Acct-Session-Id = "640f5f48/98:5a:eb:8e:1c:5c/36017" (10) NAS-IP-Address = 192.168.200.20 (10) NAS-Identifier = "Dejamobile" (10) Airespace-Wlan-Id = 1 (10) Service-Type = Framed-User (10) Framed-MTU = 1300 (10) NAS-Port-Type = Wireless-802.11 (10) EAP-Message = 0x020500431580000000391703030034055c825a7cda7666218232272050e9269e4ece33975dec65f19718088ca239cb67788e727536ddf614279eaea1b61c1441a4726b (10) State = 0xb06a93a4b36f86f8af54277185111954 (10) Message-Authenticator = 0xb6621b928cfd197b4a86cdad6c58c6f9 (10) Restoring &session-state (10) &session-state:Framed-MTU = 994 (10) &session-state:TLS-Session-Information = "(TLS) recv TLS 1.3 Handshake, ClientHello" (10) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHello" (10) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, Certificate" (10) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerKeyExchange" (10) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHelloDone" (10) &session-state:TLS-Session-Information = "(TLS) recv TLS 1.2 Handshake, ClientKeyExchange" (10) &session-state:TLS-Session-Information = "(TLS) recv TLS 1.2 Handshake, Finished" (10) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 ChangeCipherSpec" (10) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, Finished" (10) &session-state:TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384" (10) &session-state:TLS-Session-Version = "TLS 1.2" (10) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default (10) authorize { (10) policy filter_username { (10) if (&User-Name) { (10) if (&User-Name) -> TRUE (10) if (&User-Name) { (10) if (&User-Name =~ / /) { (10) if (&User-Name =~ / /) -> FALSE (10) if (&User-Name =~ /@[^@]*@/ ) { (10) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (10) if (&User-Name =~ /\.\./ ) { (10) if (&User-Name =~ /\.\./ ) -> FALSE (10) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (10) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (10) if (&User-Name =~ /\.$/) { (10) if (&User-Name =~ /\.$/) -> FALSE (10) if (&User-Name =~ /@\./) { (10) if (&User-Name =~ /@\./) -> FALSE (10) } # if (&User-Name) = notfound (10) } # policy filter_username = notfound (10) [preprocess] = ok (10) [chap] = noop (10) [mschap] = noop (10) suffix: Checking for suffix after "@" (10) suffix: No '@' in User-Name = "chris.nzengue", looking up realm NULL (10) suffix: No such realm "NULL" (10) [suffix] = noop (10) eap: Peer sent EAP Response (code 2) ID 5 length 67 (10) eap: Continuing tunnel setup (10) [eap] = ok (10) } # authorize = ok (10) Found Auth-Type = eap (10) # Executing group from file /etc/freeradius/3.0/sites-enabled/default (10) authenticate { (10) eap: Expiring EAP session with state 0xb06a93a4b36f86f8 (10) eap: Finished EAP session with state 0xb06a93a4b36f86f8 (10) eap: Previous EAP request found for state 0xb06a93a4b36f86f8, released from the list (10) eap: Peer sent packet with method EAP TTLS (21) (10) eap: Calling submodule eap_ttls to process data (10) eap_ttls: Authenticate (10) eap_ttls: (TLS) EAP Peer says that the final record size will be 57 bytes (10) eap_ttls: (TLS) EAP Got all data (57 bytes) (10) eap_ttls: Session established. Proceeding to decode tunneled attributes (10) eap_ttls: Got tunneled request (10) eap_ttls: EAP-Message = 0x020000120163687269732e6e7a656e677565 (10) eap_ttls: FreeRADIUS-Proxied-To = 127.0.0.1 (10) eap_ttls: Got tunneled identity of chris.nzengue (10) eap_ttls: Setting default EAP type for tunneled EAP session (10) eap_ttls: Sending tunneled request (10) Virtual server inner-tunnel received request (10) EAP-Message = 0x020000120163687269732e6e7a656e677565 (10) FreeRADIUS-Proxied-To = 127.0.0.1 (10) User-Name = "chris.nzengue" (10) WARNING: Outer and inner identities are the same. User privacy is compromised. (10) server inner-tunnel { (10) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/inner-tunnel (10) authorize { (10) policy filter_username { (10) if (&User-Name) { (10) if (&User-Name) -> TRUE (10) if (&User-Name) { (10) if (&User-Name =~ / /) { (10) if (&User-Name =~ / /) -> FALSE (10) if (&User-Name =~ /@[^@]*@/ ) { (10) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (10) if (&User-Name =~ /\.\./ ) { (10) if (&User-Name =~ /\.\./ ) -> FALSE (10) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (10) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (10) if (&User-Name =~ /\.$/) { (10) if (&User-Name =~ /\.$/) -> FALSE (10) if (&User-Name =~ /@\./) { (10) if (&User-Name =~ /@\./) -> FALSE (10) } # if (&User-Name) = notfound (10) } # policy filter_username = notfound (10) [chap] = noop (10) [mschap] = noop (10) suffix: Checking for suffix after "@" (10) suffix: No '@' in User-Name = "chris.nzengue", looking up realm NULL (10) suffix: No such realm "NULL" (10) [suffix] = noop (10) update control { (10) &Proxy-To-Realm := LOCAL (10) } # update control = noop (10) eap: Peer sent EAP Response (code 2) ID 0 length 18 (10) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize (10) [eap] = ok (10) } # authorize = ok (10) Found Auth-Type = eap (10) # Executing group from file /etc/freeradius/3.0/sites-enabled/inner-tunnel (10) authenticate { (10) eap: Peer sent packet with method EAP Identity (1) (10) eap: Calling submodule eap_md5 to process data (10) eap_md5: Issuing MD5 Challenge (10) eap: Sending EAP Request (code 1) ID 1 length 22 (10) eap: EAP session adding &reply:State = 0x4402aae04403aead (10) [eap] = handled (10) } # authenticate = handled (10) } # server inner-tunnel (10) Virtual server sending reply (10) EAP-Message = 0x0101001604102159bde60b2e60420dd98342dac2e574 (10) Message-Authenticator = 0x00000000000000000000000000000000 (10) State = 0x4402aae04403aead50a58e9ebcef6551 (10) eap_ttls: Got tunneled Access-Challenge (10) eap: Sending EAP Request (code 1) ID 6 length 71 (10) eap: EAP session adding &reply:State = 0xb06a93a4b46c86f8 (10) [eap] = handled (10) } # authenticate = handled (10) Using Post-Auth-Type Challenge (10) # Executing group from file /etc/freeradius/3.0/sites-enabled/default (10) Challenge { ... } # empty sub-section is ignored (10) session-state: Saving cached attributes (10) Framed-MTU = 994 (10) TLS-Session-Information = "(TLS) recv TLS 1.3 Handshake, ClientHello" (10) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHello" (10) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, Certificate" (10) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerKeyExchange" (10) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHelloDone" (10) TLS-Session-Information = "(TLS) recv TLS 1.2 Handshake, ClientKeyExchange" (10) TLS-Session-Information = "(TLS) recv TLS 1.2 Handshake, Finished" (10) TLS-Session-Information = "(TLS) send TLS 1.2 ChangeCipherSpec" (10) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, Finished" (10) TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384" (10) TLS-Session-Version = "TLS 1.2" (10) Sent Access-Challenge Id 70 from 192.168.10.124:1812 to 192.168.200.20:51098 length 129 (10) EAP-Message = 0x0106004715800000003d1703030038d24fc42abd6c935a2809ce7be46cc5d28f9e549f3edb4ca54df04a5f174a5c1cdd6f37b0d9fbc84103a89bdcdfb38565a66a5bc2dfb19654 (10) Message-Authenticator = 0x00000000000000000000000000000000 (10) State = 0xb06a93a4b46c86f8af54277185111954 (10) Finished request Waking up in 4.9 seconds. (11) Received Access-Request Id 71 from 192.168.200.20:51098 to 192.168.10.124:1812 length 352 (11) User-Name = "chris.nzengue" (11) Chargeable-User-Identity = 0x14 (11) Location-Capable = Civic-Location (11) Calling-Station-Id = "98-5a-eb-8e-1c-5c" (11) Called-Station-Id = "00-fc-ba-e1-8f-a0:radius_test" (11) NAS-Port = 1 (11) Cisco-AVPair = "audit-session-id=14c8a8c000008a29505f0f64" (11) Acct-Session-Id = "640f5f48/98:5a:eb:8e:1c:5c/36017" (11) NAS-IP-Address = 192.168.200.20 (11) NAS-Identifier = "Dejamobile" (11) Airespace-Wlan-Id = 1 (11) Service-Type = Framed-User (11) Framed-MTU = 1300 (11) NAS-Port-Type = Wireless-802.11 (11) EAP-Message = 0x020600531580000000491703030044055c825a7cda7667c7154a803cd94615441be6ab0d2222f75f36d997c204e0545d45ab5925417126f12750a01296cd1c296d4dc91bf7d63e7573fa858f504a3c9b0fdf50 (11) State = 0xb06a93a4b46c86f8af54277185111954 (11) Message-Authenticator = 0xbc7275f34cf240da340a2c24f6b95a75 (11) Restoring &session-state (11) &session-state:Framed-MTU = 994 (11) &session-state:TLS-Session-Information = "(TLS) recv TLS 1.3 Handshake, ClientHello" (11) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHello" (11) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, Certificate" (11) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerKeyExchange" (11) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHelloDone" (11) &session-state:TLS-Session-Information = "(TLS) recv TLS 1.2 Handshake, ClientKeyExchange" (11) &session-state:TLS-Session-Information = "(TLS) recv TLS 1.2 Handshake, Finished" (11) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 ChangeCipherSpec" (11) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, Finished" (11) &session-state:TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384" (11) &session-state:TLS-Session-Version = "TLS 1.2" (11) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default (11) authorize { (11) policy filter_username { (11) if (&User-Name) { (11) if (&User-Name) -> TRUE (11) if (&User-Name) { (11) if (&User-Name =~ / /) { (11) if (&User-Name =~ / /) -> FALSE (11) if (&User-Name =~ /@[^@]*@/ ) { (11) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (11) if (&User-Name =~ /\.\./ ) { (11) if (&User-Name =~ /\.\./ ) -> FALSE (11) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (11) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (11) if (&User-Name =~ /\.$/) { (11) if (&User-Name =~ /\.$/) -> FALSE (11) if (&User-Name =~ /@\./) { (11) if (&User-Name =~ /@\./) -> FALSE (11) } # if (&User-Name) = notfound (11) } # policy filter_username = notfound (11) [preprocess] = ok (11) [chap] = noop (11) [mschap] = noop (11) suffix: Checking for suffix after "@" (11) suffix: No '@' in User-Name = "chris.nzengue", looking up realm NULL (11) suffix: No such realm "NULL" (11) [suffix] = noop (11) eap: Peer sent EAP Response (code 2) ID 6 length 83 (11) eap: Continuing tunnel setup (11) [eap] = ok (11) } # authorize = ok (11) Found Auth-Type = eap (11) # Executing group from file /etc/freeradius/3.0/sites-enabled/default (11) authenticate { (11) eap: Expiring EAP session with state 0x4402aae04403aead (11) eap: Finished EAP session with state 0xb06a93a4b46c86f8 (11) eap: Previous EAP request found for state 0xb06a93a4b46c86f8, released from the list (11) eap: Peer sent packet with method EAP TTLS (21) (11) eap: Calling submodule eap_ttls to process data (11) eap_ttls: Authenticate (11) eap_ttls: (TLS) EAP Peer says that the final record size will be 73 bytes (11) eap_ttls: (TLS) EAP Got all data (73 bytes) (11) eap_ttls: Session established. Proceeding to decode tunneled attributes (11) eap_ttls: Got tunneled request (11) eap_ttls: EAP-Message = 0x020100230410c7fd95c7eb515678451ac8a352b9078363687269732e6e7a656e677565 (11) eap_ttls: FreeRADIUS-Proxied-To = 127.0.0.1 (11) eap_ttls: Sending tunneled request (11) Virtual server inner-tunnel received request (11) EAP-Message = 0x020100230410c7fd95c7eb515678451ac8a352b9078363687269732e6e7a656e677565 (11) FreeRADIUS-Proxied-To = 127.0.0.1 (11) User-Name = "chris.nzengue" (11) State = 0x4402aae04403aead50a58e9ebcef6551 (11) WARNING: Outer and inner identities are the same. User privacy is compromised. (11) server inner-tunnel { (11) session-state: No cached attributes (11) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/inner-tunnel (11) authorize { (11) policy filter_username { (11) if (&User-Name) { (11) if (&User-Name) -> TRUE (11) if (&User-Name) { (11) if (&User-Name =~ / /) { (11) if (&User-Name =~ / /) -> FALSE (11) if (&User-Name =~ /@[^@]*@/ ) { (11) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (11) if (&User-Name =~ /\.\./ ) { (11) if (&User-Name =~ /\.\./ ) -> FALSE (11) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (11) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (11) if (&User-Name =~ /\.$/) { (11) if (&User-Name =~ /\.$/) -> FALSE (11) if (&User-Name =~ /@\./) { (11) if (&User-Name =~ /@\./) -> FALSE (11) } # if (&User-Name) = notfound (11) } # policy filter_username = notfound (11) [chap] = noop (11) [mschap] = noop (11) suffix: Checking for suffix after "@" (11) suffix: No '@' in User-Name = "chris.nzengue", looking up realm NULL (11) suffix: No such realm "NULL" (11) [suffix] = noop (11) update control { (11) &Proxy-To-Realm := LOCAL (11) } # update control = noop (11) eap: Peer sent EAP Response (code 2) ID 1 length 35 (11) eap: No EAP Start, assuming it's an on-going EAP conversation (11) [eap] = updated (11) files: Searching for user in group "AADDC Users" rlm_ldap (ldap): Reserved connection (2) (11) files: EXPAND (&(objectClass=user)(sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}})) (11) files: --> (&(objectClass=user)(sAMAccountName=chris.nzengue)) (11) files: Performing search in "ou=AADDC Users,dc=dejamobile,dc=com" with filter "(&(objectClass=user)(sAMAccountName=chris.nzengue))", scope "sub" (11) files: Waiting for search result... (11) files: User object found at DN "CN=Chris Nzengue - dejamobile externe,OU=AADDC Users,DC=dejamobile,DC=com" (11) files: Checking user object's memberOf attributes (11) files: Performing unfiltered search in "CN=Chris Nzengue - dejamobile externe,OU=AADDC Users,DC=dejamobile,DC=com", scope "base" (11) files: Waiting for search result... (11) files: Processing memberOf value "CN=SSL_VPN_SSO,OU=AADDC Users,DC=dejamobile,DC=com" as a DN (11) files: Resolving group DN "CN=SSL_VPN_SSO,OU=AADDC Users,DC=dejamobile,DC=com" to group name (11) files: Performing unfiltered search in "CN=SSL_VPN_SSO,OU=AADDC Users,DC=dejamobile,DC=com", scope "base" (11) files: Waiting for search result... (11) files: Group DN "CN=SSL_VPN_SSO,OU=AADDC Users,DC=dejamobile,DC=com" resolves to name "SSL_VPN_SSO" (11) files: Processing memberOf value "CN=DejaTeam,OU=AADDC Users,DC=dejamobile,DC=com" as a DN (11) files: Resolving group DN "CN=DejaTeam,OU=AADDC Users,DC=dejamobile,DC=com" to group name (11) files: Performing unfiltered search in "CN=DejaTeam,OU=AADDC Users,DC=dejamobile,DC=com", scope "base" (11) files: Waiting for search result... (11) files: Group DN "CN=DejaTeam,OU=AADDC Users,DC=dejamobile,DC=com" resolves to name "DejaTeam" (11) files: Processing memberOf value "CN=deja-developpeur,OU=AADDC Users,DC=dejamobile,DC=com" as a DN (11) files: Resolving group DN "CN=deja-developpeur,OU=AADDC Users,DC=dejamobile,DC=com" to group name (11) files: Performing unfiltered search in "CN=deja-developpeur,OU=AADDC Users,DC=dejamobile,DC=com", scope "base" (11) files: Waiting for search result... (11) files: Group DN "CN=deja-developpeur,OU=AADDC Users,DC=dejamobile,DC=com" resolves to name "deja-developpeur" rlm_ldap (ldap): Released connection (2) Need more connections to reach 10 spares rlm_ldap (ldap): Opening additional connection (6), 1 of 26 pending slots used rlm_ldap (ldap): Connecting to ldaps://aadds.dejamobile.com:636 rlm_ldap (ldap): Waiting for bind result... rlm_ldap (ldap): Bind successful (11) files: User is not a member of "AADDC Users" (11) [files] = noop rlm_ldap (ldap): Reserved connection (3) (11) ldap: EXPAND (&(objectClass=user)(sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}})) (11) ldap: --> (&(objectClass=user)(sAMAccountName=chris.nzengue)) (11) ldap: Performing search in "ou=AADDC Users,dc=dejamobile,dc=com" with filter "(&(objectClass=user)(sAMAccountName=chris.nzengue))", scope "sub" (11) ldap: Waiting for search result... (11) ldap: User object found at DN "CN=Chris Nzengue - dejamobile externe,OU=AADDC Users,DC=dejamobile,DC=com" (11) ldap: Processing user attributes (11) ldap: WARNING: No "known good" password added. Ensure the admin user has permission to read the password attribute (11) ldap: WARNING: PAP authentication will *NOT* work with Active Directory (if that is what you were trying to configure) rlm_ldap (ldap): Released connection (3) (11) [ldap] = ok (11) [expiration] = noop (11) [logintime] = noop (11) [pap] = noop (11) } # authorize = updated (11) Found Auth-Type = eap (11) # Executing group from file /etc/freeradius/3.0/sites-enabled/inner-tunnel (11) authenticate { (11) eap: Expiring EAP session with state 0x4402aae04403aead (11) eap: Finished EAP session with state 0x4402aae04403aead (11) eap: Previous EAP request found for state 0x4402aae04403aead, released from the list (11) eap: Peer sent packet with method EAP MD5 (4) (11) eap: Calling submodule eap_md5 to process data (11) eap_md5: ERROR: Cleartext-Password is required for EAP-MD5 authentication (11) eap: ERROR: Failed continuing EAP MD5 (4) session. EAP sub-module failed (11) eap: Sending EAP Failure (code 4) ID 1 length 4 (11) eap: Failed in EAP select (11) [eap] = invalid (11) } # authenticate = invalid (11) Failed to authenticate the user (11) Using Post-Auth-Type Reject (11) # Executing group from file /etc/freeradius/3.0/sites-enabled/inner-tunnel (11) Post-Auth-Type REJECT { (11) attr_filter.access_reject: EXPAND %{User-Name} (11) attr_filter.access_reject: --> chris.nzengue (11) attr_filter.access_reject: Matched entry DEFAULT at line 11 (11) [attr_filter.access_reject] = updated (11) update outer.session-state { (11) &Module-Failure-Message := &request:Module-Failure-Message -> 'eap_md5: Cleartext-Password is required for EAP-MD5 authentication' (11) } # update outer.session-state = noop (11) } # Post-Auth-Type REJECT = updated (11) } # server inner-tunnel (11) Virtual server sending reply (11) EAP-Message = 0x04010004 (11) Message-Authenticator = 0x00000000000000000000000000000000 (11) eap_ttls: Got tunneled Access-Reject (11) eap: ERROR: Failed continuing EAP TTLS (21) session. EAP sub-module failed (11) eap: Sending EAP Failure (code 4) ID 6 length 4 (11) eap: Failed in EAP select (11) [eap] = invalid (11) } # authenticate = invalid (11) Failed to authenticate the user (11) Using Post-Auth-Type Reject (11) # Executing group from file /etc/freeradius/3.0/sites-enabled/default (11) Post-Auth-Type REJECT { (11) attr_filter.access_reject: EXPAND %{User-Name} (11) attr_filter.access_reject: --> chris.nzengue (11) attr_filter.access_reject: Matched entry DEFAULT at line 11 (11) [attr_filter.access_reject] = updated (11) [eap] = noop (11) policy remove_reply_message_if_eap { (11) if (&reply:EAP-Message && &reply:Reply-Message) { (11) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE (11) else { (11) [noop] = noop (11) } # else = noop (11) } # policy remove_reply_message_if_eap = noop (11) } # Post-Auth-Type REJECT = updated (11) Delaying response for 1.000000 seconds Waking up in 0.1 seconds. Waking up in 0.8 seconds. (11) Sending delayed response (11) Sent Access-Reject Id 71 from 192.168.10.124:1812 to 192.168.200.20:51098 length 44 (11) EAP-Message = 0x04060004 (11) Message-Authenticator = 0x00000000000000000000000000000000 Waking up in 3.7 seconds. (6) Cleaning up request packet ID 66 with timestamp +42 due to cleanup_delay was reached (7) Cleaning up request packet ID 67 with timestamp +42 due to cleanup_delay was reached (8) Cleaning up request packet ID 68 with timestamp +42 due to cleanup_delay was reached (9) Cleaning up request packet ID 69 with timestamp +43 due to cleanup_delay was reached (10) Cleaning up request packet ID 70 with timestamp +43 due to cleanup_delay was reached Waking up in 0.2 seconds. (11) Cleaning up request packet ID 71 with timestamp +43 due to cleanup_delay was reached Ready to process requests Chris Nzengue Stagiaire DEVOPS DEVOPS internship Fixe / Office: +33(2)14747500 chris.nzengue@dejamobile.com<mailto:%7BE-mail%7D> [cid:logo-500x500_8c612466-939f-4f99-8d85-3affb0831c87.png] [cid:SocialLink_Linkedin_32x32_44e008ea-1b1a-4fa0-b32f-2c845382148a.png] <https://www.linkedin.com/company/dejamobile/> [cid:SocialLink_Twitter_32x32_082f5645-c4de-4011-bd63-3d63208f4a3e.png] <https://twitter.com/dejamobile> <https://www.linkedin.com/company/dejamobile/><https://www.linkedin.com/company/dejamobile/>[cid:mpe23mail_8ab29f82-07d3-4119-943b-776a4cea5fb3.png]<https://www.merchantpaymentsecosystem.com/>